Short Bytes: The non-profit whistleblower Wikileaks has published 6 new documents disclosing information about Hive, a back-end infrastructure used to manage CIA implants. It is used to transfer data collected by implants to the CIA and to instruct the implants to run specified commands. A public HTTPS interface is used to hide Hive in plain sight.

Another Friday passed on April 14, and Wikileaks dropped another stack of Vault 7 documents in the wild. The CIA is really pissed off at Wikileaks by now, and that is clear from the CIA director’s mindset. The latest leak includes 6 new documents revealing a CIA project called Hive.

Hive is basically a back-end infrastructure designed by the CIA to keep an eye on its malware implants out there in the wild. According to Wikileaks, it’s used by “CIA implants to transfer exfiltrated information from target machines to the CIA and to receive commands from its operators to execute tasks on targets.”

A surprising thing about the Hive malware control system is that it purports to have an HTTPS interface, taking advantage of “unsuspicious-looking cover domains to hide its presence.”

The user guide included in the documents describes the two primary Hive functions as “beacon” and “interactive shell”. It further says that the functions, “limited in features”, behave like a launchpad for other “full featured tools.”

The release of the documents related to Hive also supplies the missing link to a recent finding by Symantec researchers. Although not naming the agency directly, they were able to link 40 cyber attacks conducted by Longhorn to the CIA after analyzing the Vault 7 documents.

They indicated the possibility of a “nation-state attacker” behind such attacks, considering the type of organizations targeted. Now, according to Wikileaks, the back-end infrastructure described in the Hive documents resembles the one mentioned by the Symantec researchers in their blog post.

Aditya likes to cover topics related to Microsoft, Windows 10, and interesting gadgets. But when he is not working, you can find him binge-watching random videos on YouTube (after he has wasted an hour on Netflix trying to find a good show).